diff --git a/CHANGELOG.md b/CHANGELOG.md
index dee0f84d..6ef72fc8 100755
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,200 +1,196 @@
-# Change log
+# Changelog
-## [1.7.2] - 2024-05-06
-### Added
--
+All notable changes to this project will be documented in this file.
-### Changed
--
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [1.7.3] - 2024-05-29
### Fixed
-- Using Ledger SDK `cx_crc32()` function rather than buggy `cx_crc32_hw()`.
+- Changed name of 'Generate BIP39' menus to 'Recover BIP39'
+- Changed Second Montgomery constant used for `cx_bn_gf2_n_mul()` to a more suitable value
+- Improve efficiency of `cx_bn_gf2_n_mul()` for Nano S
+- Change cmocka git repo from cryptomilk.org to GitLab
+## [1.7.2] - 2024-05-06
+
+### Fixed
+
+- Using Ledger SDK `cx_crc32()` function rather than buggy `cx_crc32_hw()`.
+- Fix build with SDK master for Nano S
## [1.7.1] - 2024-03-06
-### Added
--
### Changed
-- Improve efficiency of SSS `interpolate()` function
-### Fixed
--
+- Improve efficiency of SSS `interpolate()` function
## [1.7.0] - 2024-03-03
+
### Added
+
- Added detailed documentation for all SSKR and SSS functions
### Changed
+
- Changed Shamir interpolate function to use `cx_bn_gf2_n_mul()` syscalls
- Changed some function names to be more descriptive
- Reorganised and renamed some of the SSKR and Shamir code
-### Fixed
--
-
## [1.6.1] - 2024-01-27
+
### Added
+
- Added a Release Policy document
### Changed
+
- Updated version of cmocka used for unit tests
- Updated version of github actions used
- Assert HMAC return values
### Fixed
+
- Fixed failing Ledger rule enforcer check
- Use `cx_crc32_hw()`
- Ledger have fixed their buggy implementation of CRC32 so we can start using it again
## [1.6.0] - 2024-01-14
+
### Added
+
- Use CX_CHECK macro in `compare_recovery_phrase()`
- Added a `cx_crc32()` function
- The implementation of `cx_crc32_hw()` on Ledger devices is buggy and produces incorrect CRC32 checks. Ledger are fixing `cx_crc32_hw()` on each device either through SDK or OS updates but until then `cx_crc32()` can be used.
-### Changed
--
-
-### Fixed
--
-
## [1.5.4] - 2023-11-30
+
### Added
+
- Added mandatory Ledger embedded application manifest file
### Changed
-- Combined BIP39 wordlist and SSKR wordlist unit tests
-### Fixed
--
+- Combined BIP39 wordlist and SSKR wordlist unit tests
## [1.5.3] - 2023-11-18
+
### Added
+
- Added unit tests for BIP39
- Added unit tests for BIP39 word list and SSKR word list
-### Changed
--
-
### Fixed
+
- Fixed CodeQL warnings about sign check of a bitwise operation
- Fixed issue with restarting input from a previous word on Nano S
## [1.5.2] - 2023-11-15
-### Added
--
### Changed
+
- Save memory by setting the SSKR word buffer to a sensible size
- There is just enough memory available on Nano S to hold the phrases for 10 shares. Other devices can hold the full 16 shares.
- Tidied up code that sets 'Processing' screen on Nano S devices
+
+### Security
+
- Changed all Variable Length Arrays to a defined length
### Fixed
+
- Fix freezing at 'Processing' screen on Nano S devices
## [1.5.1] - 2023-11-09
+
### Added
+
- Added unit tests for shamir
- Added unit tests for SSKR
- Added unit tests for BIP39 <-> SSKR roundtrip
### Changed
-- Reduce size of Nano binaries slightly by removing duplicate flows
+
- Make generic SSKR functionality more Ledger specific
-### Fixed
--
+### Removed
+
+- Reduce size of Nano binaries slightly by removing duplicate flows
## [1.5.0] - 2023-10-20
+
### Added
-- Added option to generate BIP39 mnemonics from SSKR shares even if shares do not validate against seed on device
- - A user may have lost or damaged original device and now needs to generate the recovery phrase from another secure device
-### Changed
--
+- Added option to recover BIP39 mnemonics from SSKR shares even if shares do not validate against seed on device
+ - A user may have lost or damaged original device and now needs to recover the BIP39 phrase from another secure device
### Fixed
+
- Fixed build warning about UNUSED macro
## [1.4.1] - 2023-10-13
-### Added
-- Clear buffers before exiting
-### Changed
--
+### Security
-### Fixed
--
+- Clear buffers before exiting
## [1.4.0] - 2023-05-14
+
### Added
-- Added BIP39 Check for Ledger Stax
-### Changed
--
+- Added BIP39 Check for Ledger Stax
### Fixed
+
- Fixed warnings about deprecated functions during build
## [1.3.2] - 2023-05-08
+
### Added
+
- Added some Ledger specific preprocessor conditionals to bc-sskr and bc-shamir
### Changed
-- Changed memset(x, 0, y) to memzero(x, y) macro
-### Fixed
--
+- Changed memset(x, 0, y) to memzero(x, y) macro
## [1.3.1] - 2023-05-03
-### Added
--
-
-### Changed
--
### Fixed
+
- Fixed static analyzer warning about zero-length array
- Fixed CodeQL warnings about comparison of narrow type with wide type in loop condition
## [1.3.0] - 2023-04-27
-### Added
--
### Changed
-- Removed duplicated nano code
+
- Simplified flow code
-### Fixed
--
+### Removed
+
+- Removed duplicated nano code
## [1.2.0] - 2023-04-21
+
### Added
+
- Added automated tests
- Added flow to set SSKR threshold values
-### Changed
--
-
-### Fixed
--
-
## [1.1.1] - 2023-04-06
-### Added
--
-
-### Changed
--
### Fixed
+
- Fix issue with using 'cx_crc32_hw()' function in 'onboarding_seed_sskr.c' when testing with Speculos
- Some CodeQL suggested tidy ups
## [1.1.0] - 2023-04-04
+
### Added
-- Generate BIP39 mnemonic phrases from SSKR shares
+
+- Recover BIP39 mnemonic phrases from SSKR shares
- Add 'SSKR Check' menu option
- Add flow to the 'SSKR Check' menu
- Write SSKR to BIP39 functionality
@@ -204,15 +200,10 @@
- Test on nanosp
- Test on nanox
-### Changed
--
-
-### Fixed
--
-
## [1.0.1] - 2023-03-21
### Added
+
- Clone app-recovery-check and rename to app-sskr-check
- Add SSKR (bc-sskr and bc-shamir) to app-sskr-check
- Generate SSKR shares from BIP39 mnemonic phrase
@@ -224,9 +215,3 @@
- Test on nanos
- Test on nanosp
- Test on nanox
-
-### Changed
--
-
-### Fixed
--
diff --git a/Makefile b/Makefile
index 7a6b5f2d..272f898b 100755
--- a/Makefile
+++ b/Makefile
@@ -28,7 +28,7 @@ all: default
APPNAME = "Seed Tool"
APPVERSION_M = 1
APPVERSION_N = 7
-APPVERSION_P = 2
+APPVERSION_P = 3
APPVERSION = "$(APPVERSION_M).$(APPVERSION_N).$(APPVERSION_P)"
APP_LOAD_PARAMS = --appFlags 0x10 $(COMMON_LOAD_PARAMS) --curve secp256k1 --path ""
diff --git a/README.md b/README.md
index 62d7867c..c2f03761 100644
--- a/README.md
+++ b/README.md
@@ -18,7 +18,7 @@
---
-Use the utilities provided by this Ledger application to check a backed up seed or generate [Shamir's Secret Sharing (SSS)](https://en.wikipedia.org/wiki/Shamir%27s_secret_sharing) for a seed.
+Use the utilities provided by this Ledger application to check a backed up BIP-39 seed, generate [Shamir's Secret Sharing (SSS)](https://en.wikipedia.org/wiki/Shamir%27s_secret_sharing) for a seed or recover a BIP-39 phrase from a Shamir's Secret Sharing backup.
Not all Ledger devices are equal. The older, less capable devices do not have the capacity to provide a full range of seed utilities. The following table lists the seed utilities provided by each devices type:
@@ -28,47 +28,14 @@ Not all Ledger devices are equal. The older, less capable devices do not have th
|[Check BIP39](#check-bip39)|$${\color{green}✓}$$|$${\color{green}✓}$$|$${\color{green}✓}$$|$${\color{green}✓}$$|
|[Check Shamir's secret shares](#check-shamirs-secret-shares)|$${\color{green}✓}$$|$${\color{green}✓}$$|$${\color{green}✓}$$|$${\color{orange}✓}$$|
|[Generate Shamir's secret sharing](#generate-shamirs-secret-sharing)|$${\color{green}✓}$$|$${\color{green}✓}$$|$${\color{green}✓}$$|$${\color{orange}✓}$$|
-|[Generate BIP39](#generate-bip39)|$${\color{green}✓}$$|$${\color{green}✓}$$|$${\color{green}✓}$$|$${\color{orange}✓}$$|
+|[Recover BIP39](#recover-bip39)|$${\color{green}✓}$$|$${\color{green}✓}$$|$${\color{green}✓}$$|$${\color{orange}✓}$$|
|[Generate BIP85](#generate-bip85)|$${\color{red}✗}$$|$${\color{orange}✓}$$|$${\color{orange}✓}$$|$${\color{orange}✓}$$|
-## Check BIP39
-The application invites the user to type a [BIP-39](https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki) mnemonic on their Ledger device. The BIP-39 mnemonic is compared to the onboarded seed and the application notifies the user whether both seeds match or not.
-
-## Generate Shamir's secret sharing
-If the user provided seed is valid and matches the onboarded seed, the user can create [Shamir's secret sharing (SSS)](https://en.wikipedia.org/wiki/Shamir%27s_secret_sharing) from their BIP-39 phrase.
-The application uses [Sharded Secret Key Reconstruction (SSKR)](https://github.com/BlockchainCommons/Research/blob/master/papers/bcr-2020-011-sskr.md), an interoperable implementation of [Shamir's Secret Sharing (SSS)](https://en.wikipedia.org/wiki/Shamir%27s_secret_sharing). This provides a way for you to divide or 'shard' the master seed underlying a Bitcoin HD wallet into 'shares', which you can then distribute to friends, family, or fiduciaries. If you lose your seed, you can reconstruct it by collecting a sufficient number of your shares (the 'threshold'). Knowledge of fewer than the required number of parts ensures that information about the master secret is not leaked.
-
-* SSKR is round-trip compatible with BIP-39.
-* SSKR is based on SLIP-39, developed by SatoshiLabs. It is an improvement on, but is incompatible with, SLIP-39.
-* SSKR phrases use a dictionary of exactly 256 English words with a uniform word size of 4 letters.
-* SSKR encodes a [CBOR] structure tagged with the data type [URTYPES], and is therefore self-describing.
-* Phrases generated by SSKR can be up to 46 words in length i.e. 184 characters.
-* Only two letters of each word (the first and last) are required to uniquely identify each byte value, making a minimal [ByteWords](https://github.com/BlockchainCommons/Research/blob/master/papers/bcr-2020-012-bytewords.md) encoding as efficient as hexadecimal (2 characters per byte) and yet less error prone.
-* Additionally, words can be uniquely identified by their first three letters or last three letters.
-* Minimizing the number of letters for each word simplifies transfer to permanent media such as stamped metal.
-
-For more information about SSKR, see [SSKR for Users](https://github.com/BlockchainCommons/crypto-commons/blob/master/Docs/sskr-users.md).
-
-> [!NOTE]
-> SSKR is non-deterministic. There is a random factor introduced when the shares are created, which means that every time you generate shares they will be different. This is an expected and correct result.
-
-> [!TIP]
-> Generated Shamir's Secret Shares may be cheaply and safely backed up to a steel wallet using the methods described [here](https://blockmit.com/english/guides/diy/make-cold-wallet-washers/) or [here](https://github.com/BlockchainCommons/crypto-commons/blob/master/Docs/sskr-cold-storage.md). This will keep your backup safe in event of fire, flood or natural disaster.
-
-## Check Shamir's secret shares
-The Ledger application also provides an option to confirm the onboarded seed against SSKR shares.
-
-## Generate BIP39
-When the Shamir's secret shares have been validated the user can generate the BIP39 recovery phrase derived from those shares. This option takes advantage of SSKR's ability to perform a BIP39 <-> SSKR round trip. If a user has lost or damaged their original Ledger device they may need to generate the BIP39 recovery phrase on another secure device. A BIP39 recovery phrase may still be generated even if the SSKR phrases do not match the onboarded seed of a device but are still valid SSKR shares.
-
-## Generate [BIP85](https://github.com/bitcoin/bips/blob/master/bip-0085.mediawiki)
-Coming soon!!!!
-
-## Ledger Nano application menus
+## Application menu flow
```mermaid
---
-title: Seed Tool Nano App Flow
+title: Seed Tool menu flow
---
flowchart LR
1 --- 2 --- 3 --- 4
@@ -90,9 +57,9 @@ flowchart LR
2.1[Check SSKR] --> 2.2[Enter SSKR Shares] --> 2.3{Validate SSKR Shares}
2.3 --> |Valid SSKR| 2.4
2.3 --> |Invalid SSKR| 2.3.1[Quit]
- subgraph 2.4[Generate BIP39 Phrases]
+ subgraph 2.4[Recover BIP39 Phrases]
direction TB
- 2.4.1[Generate BIP39 Phrases] --> 2.4.2[Display BIP39 Phrases] --> 2.4.3[Quit]
+ 2.4.1[Recover BIP39 Phrases] --> 2.4.2[Display BIP39 Phrases] --> 2.4.3[Quit]
end
end
subgraph 3[Version]
@@ -105,7 +72,39 @@ flowchart LR
end
```
-## [BIP85](https://github.com/bitcoin/bips/blob/master/bip-0085.mediawiki)
+## Check BIP39
+The application invites the user to type a [BIP-39](https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki) mnemonic on their Ledger device. The BIP-39 mnemonic is compared to the onboarded seed and the application notifies the user whether both seeds match or not.
+
+## Generate Shamir's secret sharing
+If the user provided seed is valid and matches the onboarded seed, the user can create [Shamir's secret sharing (SSS)](https://en.wikipedia.org/wiki/Shamir%27s_secret_sharing) from their BIP-39 phrase.
+The application uses [Sharded Secret Key Reconstruction (SSKR)](https://github.com/BlockchainCommons/Research/blob/master/papers/bcr-2020-011-sskr.md), an interoperable implementation of [Shamir's Secret Sharing (SSS)](https://en.wikipedia.org/wiki/Shamir%27s_secret_sharing). This provides a way for you to divide or 'shard' the master seed underlying a Bitcoin HD wallet into 'shares', which you can then distribute to friends, family, or fiduciaries. If you lose your seed, you can reconstruct it by collecting a sufficient number of your shares (the 'threshold'). Knowledge of fewer than the required number of parts ensures that information about the master secret is not leaked.
+
+* SSKR is round-trip compatible with BIP-39.
+* SSKR is based on SLIP-39, developed by SatoshiLabs. It is an improvement on, but is incompatible with, SLIP-39.
+* SSKR phrases use a dictionary of exactly 256 English words with a uniform word size of 4 letters.
+* SSKR encodes a [CBOR] structure tagged with the data type [URTYPES], and is therefore self-describing.
+* Phrases generated by SSKR can be up to 46 words in length i.e. 184 characters.
+* Only two letters of each word (the first and last) are required to uniquely identify each byte value, making a minimal [ByteWords](https://github.com/BlockchainCommons/Research/blob/master/papers/bcr-2020-012-bytewords.md) encoding as efficient as hexadecimal (2 characters per byte) and yet less error prone.
+* Additionally, words can be uniquely identified by their first three letters or last three letters.
+* Minimizing the number of letters for each word simplifies transfer to permanent media such as stamped metal.
+
+For more information about SSKR, see [SSKR for Users](https://github.com/BlockchainCommons/crypto-commons/blob/master/Docs/sskr-users.md).
+
+> [!NOTE]
+> SSKR is non-deterministic. There is a random factor introduced when the shares are created, which means that every time you generate shares they will be different. This is an expected and correct result.
+
+> [!TIP]
+> Generated Shamir's Secret Shares may be cheaply and safely backed up to a steel wallet using the methods described [here](https://blockmit.com/english/guides/diy/make-cold-wallet-washers/) or [here](https://github.com/BlockchainCommons/crypto-commons/blob/master/Docs/sskr-cold-storage.md). This will keep your backup safe in event of fire, flood or natural disaster.
+
+## Check Shamir's secret shares
+The Ledger application also provides an option to confirm the onboarded seed against SSKR shares.
+
+## Recover BIP39
+When the Shamir's secret shares have been validated the user can recover the BIP39 phrase derived from those shares. This option takes advantage of SSKR's ability to perform a BIP39 <-> SSKR round trip. If a user has lost or damaged their original Ledger device they may need to recover their BIP39 phrase on another secure device. A BIP39 phrase may still be recovered even if the SSKR phrases do not match the onboarded seed of a device but are still valid SSKR shares.
+
+## Generate [BIP85](https://github.com/bitcoin/bips/blob/master/bip-0085.mediawiki)
+**Coming soon!!!!**
+
BIP85 allows you to do crazy stuff like this:
```mermaid
---
@@ -205,4 +204,3 @@ flowchart TB
3.3[Signer 3]
end
```
-
diff --git a/TODO.md b/TODO.md
index b78b4030..ed45b0fa 100755
--- a/TODO.md
+++ b/TODO.md
@@ -2,6 +2,8 @@
### Todo
+- [ ] Improve the efficiency of the method used to perform an inverse operation in GF(256)
+- [ ] Improve the efficiency of the custom cx_bn_gf2_n_mul() function used for Nano S devices
- [ ] Update automated function tests to test on nanox and nanosp
- [ ] There is just enough memory available on Nano S to hold the phrases for 10 shares. Maybe just store SSKR Bytewords as shorter two letter minimal Bytewords rather than a 4 letter Byteword plus space for each share. Convert minimal ByteWords back to four letter Bytewords just prior to display.
@@ -21,15 +23,15 @@
- [x] Save memory by setting the SSKR word buffer (G_bolos_ux_context.sskr_words_buffer) to a sensible size
- [x] Add unit tests
- [x] Add code coverage to GitHub actions
-- [x] Add option to generate BIP39 mnemonics from SSKR shares even if shares do not validate against seed on device
- - A user may have lost or damaged original device and now needs to generate the recovery phrase from another secure device
+- [x] Add option to recover BIP39 mnemonics from SSKR shares even if shares do not validate against seed on device
+ - A user may have lost or damaged original device and now needs to recover the BIP39 phrase from another secure device
- [x] Fix warnings about deprecated functions during build
- [x] Remove duplicated nano code
- [x] Simplified flow code
- [x] Add flow to set SSKR threshold values
- [x] Add automated tests
- [x] Fix issue with using 'cx_crc32_hw()' function in 'onboarding_seed_sskr.c' when testing with Speculos
-- [x] Generate BIP39 mnemonic phrases from SSKR shares
+- [x] Recover BIP39 mnemonic phrases from SSKR shares
- [x] Add SSKR Check menu option
- [x] Add flow to the Check SSKR menu
- [x] Write SSKR to BIP39 functionality
diff --git a/src/constants.h b/src/constants.h
index b57c6cf0..edb43252 100644
--- a/src/constants.h
+++ b/src/constants.h
@@ -42,7 +42,7 @@ enum { STATIC_SCREEN, DYNAMIC_SCREEN };
// displayed and using the common string buffer as string parameter
#define KEYBOARD_RENDER_WORD \
3 // callback is called with a -1 when requesting complete word, or the char index else,
- // returnin 0 implies no char is to be displayed
+ // returning 0 implies no char is to be displayed
#define RESTORE_WORD_ACTION_REENTER_WORD 0
#define RESTORE_WORD_ACTION_FIRST_WORD 1
diff --git a/src/nano/nanos_enter_phrase.c b/src/nano/nanos_enter_phrase.c
index 1d3c3ba1..ef7316d3 100644
--- a/src/nano/nanos_enter_phrase.c
+++ b/src/nano/nanos_enter_phrase.c
@@ -132,13 +132,13 @@ UX_STEP_VALID(ux_bip39_match_step_1,
clean_exit(0),
{&C_icon_validate_14, "BIP39 Phrase", "is correct"});
UX_STEP_CB(ux_bip39_match_step_2, pb, clean_exit(0), {&C_icon_dashboard_x, "Quit"});
-UX_STEP_CB(ux_bip39_generate_step_1, pbb, set_sskr_descriptor_values();
+UX_STEP_CB(ux_bip39_recover_step_1, pbb, set_sskr_descriptor_values();
, {&SSKR_ICON, "Generate", "SSKR phrases"});
UX_FLOW(ux_bip39_match_flow,
&ux_bip39_match_step_1,
&ux_bip39_match_step_2,
- &ux_bip39_generate_step_1);
+ &ux_bip39_recover_step_1);
UX_STEP_CB(ux_sskr_invalid_step_1, pbb, screen_onboarding_sskr_restore_init();
, {&C_icon_warning, "SSKR Recovery", "phrase invalid"});
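Review bot: `ux_bip39_recover_step_1` is renamed for BIP39 recovery, but on this target the step still calls `set_sskr_descriptor_values()` and shows "Generate" / "SSKR phrases", and the next hunk wires the same step into `ux_sskr_nomatch_flow`; the Nano X definition of the identically named step calls `recover_bip39()` instead. Either the name or the action looks wrong here, and a reader comparing the two files cannot tell which. If the Nano S flow is intentionally different, a comment on the step such as `// Nano S: after an SSKR mismatch the user is offered SSKR generation, not BIP39 recovery (see nanox_enter_phrase.c for the other behaviour)` would stop the next cleanup from "fixing" it; if it is not intentional, the step should call `recover_bip39()` and carry the "Recover" / "BIP39 phrase" labels used by `ux_sskr_match_step_3` below.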
@@ -158,14 +158,14 @@ UX_FLOW(ux_sskr_nomatch_flow,
&ux_sskr_nomatch_step_1,
&ux_sskr_nomatch_step_2,
&ux_sskr_nomatch_step_3,
- &ux_bip39_generate_step_1);
+ &ux_bip39_recover_step_1);
UX_STEP_VALID(ux_sskr_match_step_1,
pbb,
clean_exit(0),
{&C_icon_validate_14, "SSKR Phrase", "is correct"});
UX_STEP_CB(ux_sskr_match_step_2, pb, clean_exit(0), {&C_icon_dashboard_x, "Quit"});
-UX_STEP_CB(ux_sskr_match_step_3, pbb, generate_bip39();, {&BIP39_ICON, "Generate", "BIP39 phrase"});
+UX_STEP_CB(ux_sskr_match_step_3, pbb, recover_bip39();, {&BIP39_ICON, "Recover", "BIP39 phrase"});
UX_FLOW(ux_sskr_match_flow, &ux_sskr_match_step_1, &ux_sskr_match_step_2, &ux_sskr_match_step_3);
diff --git a/src/nano/nanox_enter_phrase.c b/src/nano/nanox_enter_phrase.c
index 987e0ebf..c2ac33fd 100644
--- a/src/nano/nanox_enter_phrase.c
+++ b/src/nano/nanox_enter_phrase.c
@@ -192,14 +192,14 @@ UX_STEP_NOCB(ux_sskr_nomatch_step_2,
"order and spelling",
});
UX_STEP_VALID(ux_sskr_nomatch_step_3, pb, ui_idle_init(), {&C_icon_back_x, "Return to menu"});
-UX_STEP_CB(ux_bip39_generate_step_1, pbb, generate_bip39();
- , {&BIP39_ICON, "Generate", "BIP39 phrases"});
+UX_STEP_CB(ux_bip39_recover_step_1, pbb, recover_bip39();
+ , {&BIP39_ICON, "Recover", "BIP39 phrases"});
UX_FLOW(ux_sskr_nomatch_flow,
&ux_sskr_nomatch_step_1,
&ux_sskr_nomatch_step_2,
&ux_sskr_nomatch_step_3,
- &ux_bip39_generate_step_1);
+ &ux_bip39_recover_step_1);
UX_STEP_VALID(ux_sskr_match_step_1,
pbb,
@@ -207,10 +207,7 @@ UX_STEP_VALID(ux_sskr_match_step_1,
{&C_icon_validate_14, "SSKR Phrase", "is correct"});
UX_STEP_CB(ux_sskr_match_step_2, pb, clean_exit(0), {&C_icon_dashboard_x, "Quit"});
-UX_FLOW(ux_sskr_match_flow,
- &ux_sskr_match_step_1,
- &ux_sskr_match_step_2,
- &ux_bip39_generate_step_1);
+UX_FLOW(ux_sskr_match_flow, &ux_sskr_match_step_1, &ux_sskr_match_step_2, &ux_bip39_recover_step_1);
unsigned int screen_onboarding_restore_word_select_button(unsigned int button_mask,
unsigned int button_mask_counter);
diff --git a/src/nano/ux_nano.h b/src/nano/ux_nano.h
index dd209ee4..1714a2bb 100644
--- a/src/nano/ux_nano.h
+++ b/src/nano/ux_nano.h
@@ -109,7 +109,7 @@ void screen_common_keyboard_init(unsigned int stack_slot,
keyboard_callback_t callback);
void set_sskr_descriptor_values(void);
-void generate_bip39(void);
+void recover_bip39(void);
#include "ux_common/common_bip39.h"
#include "ux_common/common_sskr.h"
diff --git a/src/nano/ux_nano_bip39.c b/src/nano/ux_nano_bip39.c
index f595c791..a98e0996 100644
--- a/src/nano/ux_nano_bip39.c
+++ b/src/nano/ux_nano_bip39.c
@@ -29,7 +29,7 @@ UX_STEP_CB(step_bip39_clean_exit, pb, clean_exit(0), {&C_icon_dashboard_x, "Quit
UX_FLOW(display_bip39_flow, &step_display_bip39, &step_bip39_clean_exit, FLOW_LOOP);
-void generate_bip39(void) {
+void recover_bip39(void) {
// BIP39 phrase should already be in G_bolos_ux_context.words_buffer so just need to display it
ux_flow_init(0, display_bip39_flow, NULL);
}
diff --git a/src/sskr/sss/interpolate.c b/src/sskr/sss/interpolate.c
index 949dfa9d..de1e49c8 100644
--- a/src/sskr/sss/interpolate.c
+++ b/src/sskr/sss/interpolate.c
@@ -18,10 +18,10 @@
// 2nd Montgomery constant: R2 = x^(2*t*8) mod N(x)
// t = 1 since the number of bytes of R is 1.
#define MONTGOMERY_CONSTANT_R2 \
- { 0xA1 }
+ { 0x02 }
// Minimal required bytes for BN storing a GF(256) value
-#define GF2_8_MPI_BYTES 1
+#define GF2_8_MPI_BYTES 16
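Review bot: The comment above `MONTGOMERY_CONSTANT_R2` still derives the constant as `x^(2*t*8) mod N(x)` with `t = 1`, which does not obviously yield the new `0x02` (nor the old `0xA1`), and with `GF2_8_MPI_BYTES` raised to 16 the remark "t = 1 since the number of bytes of R is 1" reads as stale. Please either show the derivation that gives `0x02` for the SDK's `cx_bn_gf2_n_mul()` or replace the formula with a comment stating where the value comes from, e.g. `// Second Montgomery constant expected by cx_bn_gf2_n_mul(); see <derivation or SDK reference>`. The `GF2_8_MPI_BYTES` comment should likewise say why 16 bytes are now required (a BN word-size constraint of the syscall, presumably) since a GF(256) value itself fits in one byte.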
#if defined(TARGET_NANOS) && !defined API_LEVEL
/**
@@ -51,82 +51,61 @@ cx_err_t cx_bn_gf2_n_mul(cx_bn_t bn_r,
const cx_bn_t bn_n,
const cx_bn_t bn_h __attribute__((unused))) {
cx_err_t error = CX_OK;
- cx_bn_t bn_x, bn_y, bn_temp;
- int cmp_x, cmp_y;
- uint32_t degree = 0;
- size_t nbytes;
- bool bit_set = 0;
-
- // Preliminaries
- CX_CHECK(cx_bn_nbytes(bn_n, &nbytes));
- CX_CHECK(cx_bn_alloc(&bn_x, nbytes));
- CX_CHECK(cx_bn_alloc(&bn_y, nbytes));
- CX_CHECK(cx_bn_alloc(&bn_temp, nbytes));
- CX_CHECK(cx_bn_copy(bn_x, bn_a));
- CX_CHECK(cx_bn_copy(bn_y, bn_b));
+ uint32_t degree, nbits_a, nbits_b;
// Calculate the degree of the modulus polynomial
- CX_CHECK(cx_bn_copy(bn_temp, bn_n));
- do {
- CX_CHECK(cx_bn_cmp_u32(bn_temp, (uint32_t) 0, &cmp_x));
- CX_CHECK(cx_bn_shr(bn_temp, 1));
- } while (cmp_x != 0 && ++degree);
-
- // After loop degree is offset by 1
+ CX_CHECK(cx_bn_cnt_bits(bn_n, °ree));
degree--;
- if (degree < 1) {
- error = CX_INVALID_PARAMETER;
- goto end;
- }
- // Ensure both operands are in field
- CX_CHECK(cx_bn_shr(bn_x, degree));
- CX_CHECK(cx_bn_shr(bn_y, degree));
- // Maybe change cx_bn_cmp_u32 to cx_bn_cnt_bits
- CX_CHECK(cx_bn_cmp_u32(bn_x, (uint32_t) 0, &cmp_x));
- CX_CHECK(cx_bn_cmp_u32(bn_y, (uint32_t) 0, &cmp_y));
+ CX_CHECK(cx_bn_cnt_bits(bn_a, &nbits_a));
+ CX_CHECK(cx_bn_cnt_bits(bn_b, &nbits_b));
- if (cmp_x != 0 || cmp_y != 0) {
+ // Ensure both operands are in field
+ if (degree < 1 || nbits_a > degree || nbits_b > degree) {
error = CX_INVALID_PARAMETER;
goto end;
}
- // Check if both operands are non-zero
- CX_CHECK(cx_bn_copy(bn_x, bn_a));
- CX_CHECK(cx_bn_copy(bn_y, bn_b));
- // Maybe cx_bn_cmp_u32 change to cx_bn_cnt_bits
- CX_CHECK(cx_bn_cmp_u32(bn_x, (uint32_t) 0, &cmp_x));
- CX_CHECK(cx_bn_cmp_u32(bn_y, (uint32_t) 0, &cmp_y));
+ // Preliminaries
+ cx_bn_t bn_tempa, bn_tempb, bn_tempx;
+ uint32_t bit_indexb = 0;
+ size_t nbytes;
+ bool bit_set = 0;
+
+ CX_CHECK(cx_bn_nbytes(bn_n, &nbytes));
+ CX_CHECK(cx_bn_alloc(&bn_tempa, nbytes));
+ CX_CHECK(cx_bn_alloc(&bn_tempb, nbytes));
+ CX_CHECK(cx_bn_alloc(&bn_tempx, nbytes));
+ CX_CHECK(cx_bn_copy(bn_tempa, bn_a));
+ CX_CHECK(cx_bn_copy(bn_tempb, bn_b));
CX_CHECK(cx_bn_set_u32(bn_r, (uint32_t) 0));
// Main loop for multiplication
- while (cmp_x != 0 && cmp_y != 0) {
- CX_CHECK(cx_bn_tst_bit(bn_y, 0, &bit_set));
- if (bit_set) {
- CX_CHECK(cx_bn_copy(bn_temp, bn_r));
- CX_CHECK(cx_bn_xor(bn_r, bn_x, bn_temp));
- }
-
- CX_CHECK(cx_bn_shl(bn_x, 1));
- CX_CHECK(cx_bn_tst_bit(bn_x, degree, &bit_set));
+ if (nbits_a) {
+ while (nbits_b > bit_indexb) {
+ CX_CHECK(cx_bn_tst_bit(bn_tempb, bit_indexb, &bit_set));
+ if (bit_set) {
+ CX_CHECK(cx_bn_copy(bn_tempx, bn_r));
+ CX_CHECK(cx_bn_xor(bn_r, bn_tempa, bn_tempx));
+ }
- if (bit_set) {
- CX_CHECK(cx_bn_copy(bn_temp, bn_x));
- CX_CHECK(cx_bn_xor(bn_x, bn_n, bn_temp));
- }
+ CX_CHECK(cx_bn_shl(bn_tempa, 1));
+ CX_CHECK(cx_bn_tst_bit(bn_tempa, degree, &bit_set));
- CX_CHECK(cx_bn_shr(bn_y, 1));
+ if (bit_set) {
+ CX_CHECK(cx_bn_copy(bn_tempx, bn_tempa));
+ CX_CHECK(cx_bn_xor(bn_tempa, bn_n, bn_tempx));
+ }
- // Maybe change cx_bn_cmp_u32 to cx_bn_cnt_bits
- CX_CHECK(cx_bn_cmp_u32(bn_x, (uint32_t) 0, &cmp_x));
- CX_CHECK(cx_bn_cmp_u32(bn_y, (uint32_t) 0, &cmp_y));
+ bit_indexb++;
+ }
}
// Clean up
- CX_CHECK(cx_bn_destroy(&bn_x));
- CX_CHECK(cx_bn_destroy(&bn_y));
- CX_CHECK(cx_bn_destroy(&bn_temp));
+ CX_CHECK(cx_bn_destroy(&bn_tempa));
+ CX_CHECK(cx_bn_destroy(&bn_tempb));
+ CX_CHECK(cx_bn_destroy(&bn_tempx));
end:
return error;
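Review bot: `degree--` right after `cx_bn_cnt_bits(bn_n, &degree)` wraps to 0xFFFFFFFF when bn_n has no set bits, so the `degree < 1` guard that follows never rejects a zero modulus and the loop later reaches `cx_bn_tst_bit(bn_tempa, degree, ...)` with that huge index; test the raw bit count before decrementing, `if (degree < 2) { error = CX_INVALID_PARAMETER; goto end; }` and only then `degree--;`. The copies into `bn_tempa` and `bn_tempb` appear to be required because `interpolate()` later in this file passes the same handle as `bn_r` and `bn_b`, and `cx_bn_set_u32(bn_r, 0)` would otherwise wipe an operand, but nothing says so; a comment like `// bn_r may alias bn_a or bn_b (interpolate() passes bn_tempa as both), so operate on copies before zeroing bn_r` would keep a future cleanup from dropping them. Any `CX_CHECK` failure after the three `cx_bn_alloc` calls jumps to `end` without the `cx_bn_destroy` calls; if the caller's BN unlock reclaims them that is fine but should be stated, otherwise the destroys belong under the `end:` label.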
@@ -218,10 +197,9 @@ cx_err_t interpolate(uint8_t n,
for (uint8_t j = 0; j < yl; j++) {
CX_CHECK(cx_bn_set_u32(bn_tempa, (uint32_t) yij[i][j]));
- CX_CHECK(cx_bn_set_u32(bn_result, (uint32_t) result[j]));
+ CX_CHECK(cx_bn_set_u32(bn_tempb, (uint32_t) result[j]));
CX_CHECK(cx_bn_gf2_n_mul(bn_tempa, bn_lagrange, bn_tempa, bn_n, bn_r2));
- CX_CHECK(cx_bn_copy(bn_tempb, bn_result));
CX_CHECK(cx_bn_xor(bn_result, bn_tempa, bn_tempb));
CX_CHECK(cx_bn_get_u32(bn_result, &result_u32));
result[j] = (uint8_t) result_u32;
diff --git a/src/ux_common/onboarding_seed_sskr.c b/src/ux_common/onboarding_seed_sskr.c
index b4c8af0a..9ee1ed9d 100644
--- a/src/ux_common/onboarding_seed_sskr.c
+++ b/src/ux_common/onboarding_seed_sskr.c
@@ -3,7 +3,6 @@
#include
#include
#include
-#include // until cx_crc32 is properly define in lib_cxng/include/lcx_crc.h
#include "onboarding_seed_rom_variables.h"
#include "common_bip39.h"
diff --git a/tests/functional/test_sskr_128bit.py b/tests/functional/test_sskr_128bit.py
index d3768c74..bbf61ebb 100755
--- a/tests/functional/test_sskr_128bit.py
+++ b/tests/functional/test_sskr_128bit.py
@@ -789,7 +789,7 @@ def nanos_sskr_128bit(backend, navigator):
navigator.navigate([NavInsID.RIGHT_CLICK], screen_change_before_first_instruction=False)
backend.wait_for_text_on_screen("Quit", 1)
navigator.navigate([NavInsID.RIGHT_CLICK], screen_change_before_first_instruction=False)
- backend.wait_for_text_on_screen("Generate", 1)
+ backend.wait_for_text_on_screen("Recover", 1)
backend.wait_for_text_on_screen("BIP39 phrase", 1)
navigator.navigate([NavInsID.BOTH_CLICK], screen_change_before_first_instruction=False)
backend.wait_for_text_on_screen("BIP39 Phrase", 1)
diff --git a/tests/functional/test_sskr_256bit.py b/tests/functional/test_sskr_256bit.py
index ee6c3bf6..3de2b270 100755
--- a/tests/functional/test_sskr_256bit.py
+++ b/tests/functional/test_sskr_256bit.py
@@ -1189,7 +1189,7 @@ def nanos_sskr_256bit(backend, navigator):
navigator.navigate([NavInsID.RIGHT_CLICK], screen_change_before_first_instruction=False)
backend.wait_for_text_on_screen("Quit", 1)
navigator.navigate([NavInsID.RIGHT_CLICK], screen_change_before_first_instruction=False)
- backend.wait_for_text_on_screen("Generate", 1)
+ backend.wait_for_text_on_screen("Recover", 1)
backend.wait_for_text_on_screen("BIP39 phrase", 1)
navigator.navigate([NavInsID.BOTH_CLICK], screen_change_before_first_instruction=False)
backend.wait_for_text_on_screen("BIP39 Phrase", 1)
diff --git a/tests/unit/CMakeLists.txt b/tests/unit/CMakeLists.txt
index c9811155..fee8040a 100644
--- a/tests/unit/CMakeLists.txt
+++ b/tests/unit/CMakeLists.txt
@@ -6,7 +6,7 @@ endif()
# project information
project(unit_tests
- VERSION 1.7.0
+ VERSION 1.7.3
DESCRIPTION "Unit tests for app-seed-tool Ledger Application"
LANGUAGES C)
@@ -98,7 +98,7 @@ find_package(cmocka QUIET)
include(FetchContent)
FetchContent_Declare(
cmocka
- GIT_REPOSITORY https://git.cryptomilk.org/projects/cmocka.git
+ GIT_REPOSITORY https://gitlab.com/cmocka/cmocka.git
GIT_TAG cmocka-1.1.7
GIT_SHALLOW 1
)
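Review bot: `GIT_TAG cmocka-1.1.7` is a mutable tag, and moving the repository to a different host is the moment to pin the fetch to the tag's commit instead, `GIT_TAG <full 40-character commit hash of cmocka-1.1.7>`; a tag can be moved or re-created on the new host and FetchContent would then silently pull different code into the test build. `GIT_SHALLOW 1` together with a commit hash relies on the server allowing fetches by SHA, which GitLab appears to support, so it can stay. The alternative with the same integrity guarantee and no git dependency is a release tarball via `URL` plus `URL_HASH`.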
@@ -112,7 +112,7 @@ FetchContent_MakeAvailable(cmocka)
add_compile_definitions(TEST DEBUG=0 SKIP_FOR_CMOCKA)
add_compile_definitions(TARGET_NANOS HAVE_HASH HAVE_HMAC HAVE_SHA224 HAVE_SHA256 HAVE_SHA512 HAVE_PBKDF2 HAVE_ECC HAVE_CRC HAVE_RNG IO_HID_EP_LENGTH=64)
-include_directories(${CMAKE_CURRENT_SOURCE_DIR}/lib $ENV{LEDGER_SECURE_SDK}/include $ENV{LEDGER_SECURE_SDK} $ENV{LEDGER_SECURE_SDK}/lib_cxng/src $ENV{LEDGER_SECURE_SDK}/lib_cxng/include $ENV{LEDGER_SECURE_SDK}/lib_ux/include $ENV{LEDGER_SECURE_SDK}/lib_bagl/include)
+include_directories(${CMAKE_CURRENT_SOURCE_DIR}/lib $ENV{LEDGER_SECURE_SDK}/include $ENV{LEDGER_SECURE_SDK}/lib_cxng/src $ENV{LEDGER_SECURE_SDK}/lib_cxng/include $ENV{LEDGER_SECURE_SDK}/lib_ux/include $ENV{LEDGER_SECURE_SDK}/lib_bagl/include)
# add src
install_apk_packages(linux-headers)
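Review bot: Every path after `${CMAKE_CURRENT_SOURCE_DIR}/lib` expands from `$ENV{LEDGER_SECURE_SDK}`, and nothing in this hunk checks that the variable is set; if it is empty the include list silently becomes `/include`, `/lib_cxng/src`, … and the failure only surfaces later as a missing header. A guard before this line, `if(NOT DEFINED ENV{LEDGER_SECURE_SDK})` / `message(FATAL_ERROR "LEDGER_SECURE_SDK must point at the Ledger secure SDK checkout")` / `endif()`, turns that into a clear configure-time error. The directory-scoped `include_directories` and `add_compile_definitions` calls apply to every target defined after them in this directory; `target_include_directories`/`target_compile_definitions` on the test targets would keep them scoped, though that is a wider change than this commit.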
diff --git a/tests/unit/lib/bolos/cxlib.h b/tests/unit/lib/bolos/cxlib.h
index dcddecbe..7a944963 100644
--- a/tests/unit/lib/bolos/cxlib.h
+++ b/tests/unit/lib/bolos/cxlib.h
@@ -11,6 +11,7 @@
// Defines
//-----------------------------------------------------------------------------
// Those defines can be found in the SDK, in cx_errors.h file:
+#ifndef CX_CHECK
#define CX_CHECK(call) \
do { \
error = call; \
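Review bot: The new `#ifndef CX_CHECK` guard means whichever header is included first wins; since both this definition and the SDK macro it mirrors (per the comment above, cx_errors.h) use a local `error` and a `goto end`, that is harmless today, but `CX_CHECK_IGNORE_CARRY` in the next hunk gets no such guard, so if the SDK header defines that one too the compiler will warn about a redefinition. Either guard it the same way or wrap both macros in a single `#ifndef` block, and add a one-line comment saying the guard exists so the SDK's own definitions take precedence when its include directories are on the path.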
@@ -18,6 +19,7 @@
goto end; \
} \
} while (0)
+#endif
#define CX_CHECK_IGNORE_CARRY(call) \
do { \